You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Winantivirus Pop Ups :( ... Review My Hijackthis Log Plz

I have been having LOTS of problems with my computer. The only thing I have been able to id are WinAntiVirus Pop ups, (2006 and 2007), and some drive error or clean drive pop us as well.

I did run hijackthis for an initial log, and then I ran ComboFix, and after that SUPERAntiSpyware (free home edition)...

After all this, i ran hijackthis a second time.

I'm posting the Log Reports of all these processes I ran.

Can someone help me review my hijackthis Log PLEASEEE? I haven't seen the pop ups in the last few hours now.

My internet connection keeps resetting itself every 3 - 5 minutes. I don't know if this is computer related, or it may be a fault on my internet provider service... Can you tell from this information I'm posting? I'd like to know if I should call my provider.

C:\Archivos de programa\icroso~1C:\check_LSA7.txtC:\DOCUME~1\CECI\DATOSD~1\ASEMBL~1C:\DOCUME~1\CECI\DATOSD~1\CROSOF~1C:\DOCUME~1\CECI\DATOSD~1\CURITY~1C:\DOCUME~1\CECI\DATOSD~1\DOBE~1C:\DOCUME~1\CECI\DATOSD~1\ECURIT~1C:\DOCUME~1\CECI\DATOSD~1\MANTEC~1C:\DOCUME~1\CECI\DATOSD~1\RACLE~1C:\DOCUME~1\CECI\DATOSD~1\SMANTE~1C:\DOCUME~1\CECI\DATOSD~1\STEM32~1C:\DOCUME~1\CECI\MISDOC~1\ASEMBL~1C:\DOCUME~1\CECI\MISDOC~1\SCURIT~1C:\DOCUME~1\CECI\MISDOC~1\SEMBLY~1C:\DOCUME~1\CECI\MISDOC~1\SKS~1C:\DOCUME~1\CECI\MISDOC~1\SMBOLS~1C:\WINDOWS\asembl~1C:\WINDOWS\asks~1C:\WINDOWS\cookies.iniC:\WINDOWS\system32\appatc~1C:\WINDOWS\system32\crosof~1C:\WINDOWS\system32\dobe~1C:\WINDOWS\system32\hxfwsybb.iniC:\WINDOWS\system32\hxfwsybb.ini2C:\WINDOWS\system32\hxfwsybb.tmpC:\WINDOWS\system32\illlm.bak1C:\WINDOWS\system32\illlm.bak2C:\WINDOWS\system32\illlm.iniC:\WINDOWS\system32\illlm.ini2C:\WINDOWS\system32\illlm.tmpC:\WINDOWS\system32\khfecyy.dllC:\WINDOWS\system32\onnnn.bak1C:\WINDOWS\system32\onnnn.bak2C:\WINDOWS\system32\onnnn.iniC:\WINDOWS\system32\packet.dllC:\WINDOWS\system32\pqstv.bak1C:\WINDOWS\system32\pqstv.iniC:\WINDOWS\system32\qhfgkvxl.iniC:\WINDOWS\system32\qhfgkvxl.ini2C:\WINDOWS\system32\rfllkllh.iniC:\WINDOWS\system32\rfllkllh.ini2C:\WINDOWS\system32\sstem3~1C:\WINDOWS\system32\txtchwaq.iniC:\WINDOWS\system32\txtchwaq.ini2C:\WINDOWS\system32\txtchwaq.tmpC:\WINDOWS\system32\vuwvw.bak1C:\WINDOWS\system32\vuwvw.bak2C:\WINDOWS\system32\vuwvw.iniC:\WINDOWS\system32\wnsxs~1C:\WINDOWS\system32\yaccf.bak1C:\WINDOWS\system32\yaccf.bak2C:\WINDOWS\system32\yaccf.iniC:\WINDOWS\wnsxs~1

Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exeC:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exeC:\ARCHIV~1\Grisoft\AVG7\avgemc.exeC:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\S3tray2.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXEC:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exeC:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exeC:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exeC:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exeC:\ARCHIV~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\System32\ctfmon.exeC:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exeC:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exeC:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exeC:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXEC:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information: